The U2F security key was created in order to provide increased security for connecting to user accounts. Google, Facebook, WordPress, etc., are services containing various types of personal data, such as photos or private discussions that are not intended for public disclosure.
Using a U2F key is undoubtedly the best way to protect your online accounts: in addition to having your login and password, you need to have the key with you…
A single password may be sufficient for people who occasionally use these services, along with double authentication (i.e. 2FA, also known as Two Factor Authentication, as popularized by Google Authenticator) whose use has expanded across various platforms. But the most experienced should start using a U2F key in order to ensure total protection of their computer accounts, whether they are social media, online file storage or otherwise.
How does a U2F key work?
Its shape is identical to a traditional USB flash drive, except the device contains no data. It actually contains a single secure chip that allows the person using it to access their account. In a certain sense, it’s like the key to a safe that there’s only one of in existence – no duplication is possible.
The proper functioning of this USB drive is based on the Universal Second Factor protocol, also abbreviated as FIDO U2F. This IT standard was developed by three companies: Google (with Google Titan), Yubico (with Yubikey NEO) and NXP. NXP also invented NFC chips. The U2F standard has been since handed over to the FIDO Alliance, which encompasses several IT companies.
We advise you to buy at least 2 copies of the key and associate both of them to your accounts. One that you keep with you at all times, and one for back-up at home.
Comparison of U2F keys
Advantages and disadvantages
Advantages
- Total security: Only the person who holds the U2F key can connect to the associated account using the password. Security is therefore taken to a higher level by completely restricting access to user accounts. A password is not enough in itself; the U2F key is needed. Only the person possessing these two means of authentication can access the intended account.
- Ease of use: When you buy a U2F security key, you simply link it to a compatible computer service. Once it’s set up, which takes very little time, there’s nothing more to do than connect the key to the computer when you need to authenticate to a site. You simply push the button on the key to verify the authentication. It’s extremely easy to use, and only takes a few additional seconds, but it ensures a higher level of security.
Disadvantages
- An additional step: Connection to an internet service is now subject to authentication by a U2F security key, so you must remember to bring it with you at all times. If you forget to bring it, you can’t connect to your account. On the other hand, if your security key is permanently lost, a backup solution is automatically requested during configuration. It is nevertheless suggested that you have two keys: one attached to your key chain and another that’s kept in a separate place just in case (a safe, or another place in your home…).
- An initial investment: U2F security keys cost money, of course, but it’s not that much compared to the value they provide. They start out at around ten euros, and can cost up to around fifty euros. The features vary according to price, with the most expensive keys offering other options, such as NFC chips. When you think about it, fifty euros to reduce your chances of being hacked to practically nothing…you could say it’s a real bargain!
U2F keys currently on the market
Several dozen are available. Hypersecu offers the most affordable keys on the market, at less than ten euros. The features are very basic since it’s a just mini key with a small button to verify authentication. Yubico has developed security keys which fit various types of USB ports. Another brand that’s very popular, Chipnet has the most expensive keys, but they offer the most features, such as NFC chips.
The Yubico keys
Works with Gmail, Facebook, Dropbox, Twitter, Dashlane and many other services.
Durable, waterproof, and crush-resistant - simply attach it to your key ring.
Supports FIDO2 and FIDO U2F protocols only
Made in Sweden
Works instantly without the need to enter a code -- replacing SMS or authentication software, RSA tokens and other devices
Identifies itself as a USB keyboard and smartcard and smartcard reader combination -- no driver or client software required, no battery or removable part
The FIDO U2F is waterproof, shock-resistant and virtually indestructible in normal use. It weighs only 1 gram and fits almost entirely into a USB port.
Produced in the USA and Sweden with a high level of safety and quality
- Protect online accounts against unauthorized access by using two factor authentication with this security key.
- Works with Gmail, Facebook, Dropbox, Twitter, Dashlane, LastPass and hundreds of other services
- Extremely secure and durable - YubiKeys are tamper proof, water resistant, and crush resistant
- Fits USB-A computer ports and designed to stay in port | Touch based authentication for NFC supported Android and iOS devices and applications
- Multi-protocol support: FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, Challenge-Response.
- Protect online accounts against unauthorized access by using two factor authentication with this security key.
- Works with Gmail, Facebook, Dropbox, Twitter, Dashlane, LastPass and hundreds of other services
- Durable & water resistant
- Fits USB-C computer ports and designed to fit on your keychain
- Multi-protocol support: FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, Challenge-Response
Website compatibility with U2F keys
Several hundred sites or services currently allow connection with a U2F key. Here is a non-exhaustive list of companies:
|
Password
|
Developper
|
CMS
|
|
OS
|
Crypto
|
Social
|
|
Business
|
Games
|
Others
|
Several hundred sites currently allow connection with a U2F key. Among them all the services of Google (Gmail, Drive, Hangouts…), Facebook, Twitter, Dashlane, Dropbox or WordPress.
Other services such as FastMail, PushCoin or Sentry.
For the most geeks among you, you can also manage the login of your PC or Macbook with a U2F key.
The list is constantly updated according to the evolution of the sites and their policies. Check with the support of the sites you visit to find out if they use U2F key logon.
U2F keys of other brands
Two-step verification on Facebook, Google, Gmail, Dropbox, OneDrive, GitHub and many new services that now use this new security measure.
Auto - installable on Windows, Mac, Linux and Android. Very easy to use, without having to install any drivers or programs.
Web support with Spanish user manuals
Supports Chrome OS, Windows, MacOS, Linux and Android.
Prevents phishing or man-in-the-middle. Site-specific keys. Pre-installed OATH OTP applet.
CCID-compatible USB, including secure element and JavaCard.
Stock and support from France and UK.
Two-step verification of Facebook, Google, Gmail, Dropbox, OneDrive, GitHub, and other services that go along with this new security measure.
Auto-installation on Windows, Mac and Linux. Very easy to use, without installing any drivers or programs.
Spanish user guides and personalized after-sales support
- Prise en charge FIDO2
- Prise en charge FIDO U2F
- Prise en charge OATH HOTP (mot de passe unique basé sur un événement)
How does the 2FA system work?
To go further, U2F keys are a dual authentication system to prevent hacking and piracy, the 2FA system reinforces cybersecurity. 2FA means: two-factor authentication, or two-step validation.
2FA requires two different ways of identifying oneself in order to connect to a service or one’s account. For example, withdrawing money from an ATM requires the insertion of the bank card and then the PIN (personal identification number). Other types of 2FAs work with a single-use code, changing with each connection, for example with Google Authentificator.
Types of 2FA system
The 2FAs by sms work by receiving a different code by sms. More efficient, the 2FA by authentication application produces codes locally from the mobile device used. It uses a start key called “seed”, which is generated and stored in the server. It is encoded and synchronized with the time and date, as soon as you connect. The 2FAs by login validation use public key cryptography to verify identity. Finally, the U2F (two steps verification) is the improved version of the 2FA, using an independent component: smart card, login token or fido u2 security key.
Disadvantages of 2FA
If the user of a 2FA to sms is in an area not covered by the server, he will not receive sms. The disadvantage is that scammers can connect to a mobile phone using the SIM Swap technique. Therefore, it is not recommended to use the 2FA by sms. Even the 2FA by login validation are vulnerable, because if a mailbox is hijacked, passwords can be reset and the verification code sent by mail to the malefactor.